Shibboleth Developers

["Scott Cantor" <>]

> I have shib 2.0 SP working... and i am busy doing app level things.
> I used the stock AAP.xml with shib 1.3 which delivered upper-cased
> environment variables of the form HTTP_SHIB_stuff.

No, actually it delivered headers. By default, the 2.0 SP uses environment
variables with Apache because they're more secure. You can use
ShibUseHeaders to re-enable headers and/or ShibUseEnvironment to de-activate
that option.

> Should there at least be a compatibility section of attribute-map
> that specifies things as they were in 1.3 to ease application transition?

Well, there's no compatibility out of the box as it is because of the switch
to the environment. I prefer to use more rational names as a default now.
Compatibility is really a local concern. We don't use those header names at
all at OSU, for example, we have our own.

But it's easy enough for somebody to post a file like that. The last thing I
want to see is applications hard coding them, FWIW.

> Would it be as simple as adding to attribute-map.xml
> 
> <Attribute name="urn:mace:dir:attribute-def:cn"
> id="HTTP_SHIB_PERSON_COMMONNAME"/>

You'd have to change the Apache option, and use a header name that will
become what you want, same as the old Header setting in the AAP. That one
would map to HTTP_HTTP_SHIB_PERSON_COMMONNAME.

> Can you map a single attribute to multiple header values?

Yes, the id attribute in the file is a space delimited list of values now. 

-- Scott